The crypto hardware wallet manufacturer Ledger has experienced a massive data breach in which email addresses and other identification information of a million customers has been stolen. According to the crypto wallet’s official announcement, “An unauthorized third party had access to a portion of our e-commerce and marketing database through an API Key.” The API key has been deactivated and is no longer accessible, the crypto hardware wallet company informed.
A researcher participating in Ledger’s bounty program discovered the data breach.
The attack in which data was stolen occurred on June 25, but the Ledger team was made aware of the incident on July 14 when a researcher participating in Ledger’s bounty program discovered the data breach. According to the crypto hardware wallet company, the attackers gained access to the e-commerce and marketing database and then stole email addresses of 1 million customers as well as the first and last name, postal address, phone number, and ordered products of 9,500 customers. However, the company assured that no payment information or digital currency private keys were compromised in the attack.
Cryptocurrency scams continue to rise amid the ongoing pandemic.
The crypto hardware wallet company Ledger has contacted the French Data Protection Authority to inform them of the breach and has partnered with Orange Cyberdefense to assess the damage and potential consequences of the attack. The company has warned its users to look out for phishing scams in the near future. The attackers may use the data they obtained to solicit customers and try to obtain access to their digital currency wallets, the company informed.
Earlier, the microblogging platform giant Twitter experienced a massive security breach in which hackers managed to hack into the accounts of prominent users, including former US President Barack Obama, Joe Biden, Elon Musk, and many others. The hackers put out tweets from these compromised accounts seeking bitcoins.